It was big news when Microsoft announced it was working on a version of Windows that would run on tablets with ARM-based processors… but by the time Windows RT actually launched it was a lot less exciting. Devices like the Microsoft Surface and Surface 2 couldn’t run desktop Windows apps and weren’t significantly cheaper than Intel Atom-powered tablets running the full version of Windows, and they didn’t even get better battery life.
So it’s not particularly surprising that Microsoft has largely abandoned Windows RT. Devices like the Surface 2 can’t be upgraded to run Windows 10.
But Microsoft is continuing to push security updates to Windows RT… and if you happen to have one of the handful of Windows RT tablets that hit the market a few years ago the latest update has a surprise implication: it patches a Windows Secure Boot vulnerability that could have allowed you to replace Windows RT with another operating system.
It would have been nice to have known that option existed before Microsoft killed it.
To be fair, Microsoft labels this as a security issue and says the patch is meant to prevent malware from running on a device. According to the release notes, the MS16-094 security update removes a vulnerability that “could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device.”
The issue didn’t just affect Windows RT. It was also in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows 10.
But as The Register notes, the vulnerability was also a backdoor that would have allowed someone to bypass the locked bootloader on Windows RT devices like the Surface 1, Surface 2, Asus VivoTab RT, and Nokia Lumia 2520.
In the nearly three years since Windows RT was first released, I’m pretty sure no method for bypassing the locked bootloader has been found… which has prevented users from developing custom ROMs for these tablets or trying to replace Windows RT with Android or a GNU/Linux distribution such as Ubuntu.
I suppose it’s possible that users who have Windows RT devices that haven’t already received the MS16-094 update might be able to avoid downloading the security patch and explore methods for loading an alternate OS. But these days there are plenty of other tablets that are probably better options for OS hackers.